Subject review: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

Abstract

Intrusion detection system (IDS) is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. If anomaly traffic pass through the network IDS would generate a false positive which means it only detects the malicious traffic, takes no action and generates only alerts but IPS detects the malicious traffic or suspicious activity, takes the actions like terminate, block or drop the connections. This paper provides an explanation of network intrusion, detection, and prevention to overcome them.